[Koha-bugs] [Bug 36304] Update C4::Auth in_iprange function to work when Koha is hosted behind a cloudflare proxy

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Mar 14 00:25:24 CET 2024


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36304

David Cook <dcook at prosentient.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcook at prosentient.com.au

--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
Cloudflare is just a reverse proxy like any other, so it will pass the client's
IP in the X-Forwarded-For header.

This means that you should be able to use "koha_trusted_proxies" in
koha-conf.xml to handle this scenario. This also means REMOTE_ADDR will be the
client's IP for other IP-based scenarios like ILS-DI, logging, etc.

Cloudflare provides a list of their public IP addresses at
https://www.cloudflare.com/en-gb/ips/

--

If you did want to use HTTP_CF_CONNECTING_IP specifically, you could look at
modifying Koha/Middleware/RealIP.pm

But since CF_CONNECTING_IP is user-supplied you would still want to validate
the REMOTE_ADDR against the list of Cloudflare's IP addresses. Otherwise,
anyone could stick their own reverse proxy in front of your Koha and pretend
to be someone else by inserting their own header.

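The validation described in the comment above, as an added example in Python (it is not Koha's code, which is Perl, and not part of the bug report): forwarding headers are honoured only when the TCP peer lies inside a trusted proxy range. The ranges are constructed placeholders from documentation address space, and `resolve_client_ip` and its helpers are hypothetical names.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), NOT real proxy
# ranges. A deployment would load the proxy operator's published list instead.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "2001:db8:cf::/48")]


def _parse(value):
    """Return an ip_address object, or None if value is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None


def is_trusted(ip, networks=TRUSTED_PROXIES):
    """True if ip (an ip_address object) falls inside a trusted proxy range."""
    return ip is not None and any(ip in net for net in networks)


def resolve_client_ip(remote_addr, headers, networks=TRUSTED_PROXIES):
    """Pick the address to use for IP-based decisions.

    remote_addr: TCP peer address as seen by the web server.
    headers: dict of request headers with lower-cased names.
    """
    # Forwarding headers are user-supplied unless the peer is a known proxy,
    # so a direct or unknown peer is identified by its own address only.
    if not is_trusted(_parse(remote_addr), networks):
        return remote_addr

    # Assumption of this sketch: prefer the proxy-specific header if valid.
    cf = _parse(headers.get("cf-connecting-ip", ""))
    if cf is not None:
        return str(cf)

    # Otherwise walk X-Forwarded-For right to left, skipping trusted hops.
    # Entries to the left of the first untrusted hop are client-controlled.
    for hop in reversed(headers.get("x-forwarded-for", "").split(",")):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: stop trusting the chain
        if not is_trusted(ip, networks):
            return str(ip)
    return remote_addr
```
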